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DETAILED ACTION 


Response to Amendment 


1 


The examiner approves the amendment to the specification. 


2 


The examiner approves the amendment to the drawings. 


Response to Arguments 


3. Applicant's arguments with respect to claims 1-35 have been considered but are moot in view 
of the new ground(s) of rejection. 


The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 


reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre- AIPA 
35 U.S.C. 102(e)). 


Claim Rejections - 35 USC §102 
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4. Claims 1, 2, 6, 10, 13, 15-17, 24-29 and 36 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Hailpern et al U.S. Patent No. 6,094,657. 

As to claims 1, 17, 22, 24, 27-29, 36 and 38, Hailpern et al discloses validating a request 
message against a predefined request message specification [column 4, lines 61-67]. Hailpern et 
al discloses transmitting the validated request message [column 8, lines 24-63]. Hailpern et al 
discloses validating a response message against a predefined response message specification 
[column 8, lines 24-63]. Hailpern et al discloses that the response message corresponds to the 
validated request [column 8, lines 24-63]. Hailpern et al discloses transmitting the validated 
response [column 5, lines 16-25]. 

As to claim 2, Hailpern et al discloses wherein the request and response message 
specifications are predefined in accordance with valid request and response message constraints 
specific to an information resource, as discussed above. 

As to claim 6, Hailpern et al discloses accessing an information resource in accordance 
with the validated request message and preparing the response message in accordance with the 
access [column 5, lines 46-60]. 

As to claim 10, Hailpern et al discloses the request and the response message validating 
are respectively performed at first and second secure data brokers on opposing sides of the 
security barrier; and wherein the validated request and response message transmissions are 
between the first and second secure data brokers [column 8, lines 24-63]. 

As to claim 13, Hailpern et al discloses at least one of the validated request message 
transmitting and the validated response message transmitting is via a secure protocol [column 10, 
lines 27-67]. 
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As to claim 15, Hailpern et al discloses that the security barrier includes a firewall 
[column 4, lines 33-38]. 

As to claim 16, Hailpern et al discloses that the security barrier includes a secure 
communication channel between servers [column 4, lines 33-38]. 

As to claim 25, Hailpern et al discloses a second data broker on the second side of the 
security barrier, wherein, in response to an access targeting the information resource, the second 
data broker validates a response message against a predefined response message specification 
and forwards only validated response messages across the security barrier [column 6, lines 16- 
67]. 

As to claim 26, Hailpern et al discloses an information resource [column 7, lines 31-49]. 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claim 3 is rejected under 35 U.S.C 103(a) as being unpatentable over Hailpern et al 
U.S. Patent No. 6,094,657 as applied to claim 1 above, and further in view of Applied 
Cryptography (hereinafter Schneier). 

As to claim 3, Hailpern et al does not teach that at least one of the request and response 
message specifications is cryptographically secured. 

Schneier teaches the use and benefits of encryption, page 2. 
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Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time invention was made to have had packet filter instructions cryptographically secured. 

It would have been obvious to modify Hailpern by the teaching of Schneier because 
cryptography offers authentication, integrity and nonrepudiation, page 2. 

6. Claims 4, 5, 7-9, 14, 18-23, 37 and 39-41 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hailpern et al U.S. Patent No. 6,094,657 as applied to claims 1 and 17 
above, and further in view of Bobo, H U.S. Patent No. 5,870,549. 

As to claims 4, 5, 7-9, 14, 19, 20, 22, 37 and 39-41, Hailpern teaches receiving, at an 
application proxy, an access request targeting an information resource, as discussed above. 
Hailpern teaches transmitting the request message to a secure data broker for the request message 
validating, as discussed above, 

Hailpern does not teach formatting the request message in a structured language 
corresponding to the request message specification. 

Bobo teaches the translation of messages into XML format [column 21, lines 37-42]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have the gateway as taught by Hailpern to format the outgoing 
packets to the XML structured language. 

It would have been obvious to have modified Hailpern et al by the teaching of Bobo 
because XML is easier to write applications for, easier to understand, and more suited to delivery 
and inter-operability over the Web [column 21 lines 33-37]. 

As to claim 18, Hailpern teaches accessing the information resource in accordance with 
the validated access request, as discussed above/ 
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As to claims 21 and 23, Hailpern teaches accessing the information resource in 
accordance with the validated access request from a client and supplying the client with a 
response in accordance with the validated response [column 9 lines 17-50]. 
7. Claims 11 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hailpern et al U.S. Patent No. 6,094,657 as applied to claim 1 above, and further in view of 
Ottensooser U.S. Patent No. 5,905,856. 

As to claims 1 1 and 12, Hailpern teaches rejecting packets if it is not defined by the rules 
[column 7, lines 2-33]. The Hailpern et al teaches forwarding a response message without 
transmission of the request message across the security barrier [column 6, lines 24-27]. 

Hailpern does not teach parsing the request message using Data Type Definitions (DTDs) 
encoding a hierarchy of valid tag-value pairs in accordance with syntax of a valid request 
message. 

Ottensooser teaches parsing the request message using Data Type Definitions (DTDs) 
encoding a hierarchy of valid tag-value pairs in accordance with syntax of a valid request 
message [column 7, lines 58-64; column 10 line 66 to column 1 1 line 30]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Hailpern et al so that gateway of Hailpern would 
have parsed the request message using data type definitions, encoding a hierarch of valid-tag 
pairs in accordance with the syntax of a valid request message. If the request message were not 
successfully parsed, an alert message would have been forwarded across the firewall. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Hailpern et al by the teaching of Ottensooser because the 
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structure permits the use of a simple language that allows the user to write a set of tests that 
closely match the business activities under scrutiny. The language is sufficiently high level so 
that the user does not have to be involved in the highly technical "behind the scenes" type work 
that actually tells the computer application what to do. Other products on the market are not as 
advanced and rely on the skills of computer programmers to write test plans rather than business 
users [column 13, lines 47-58]. 

8. Claims 30-33 and 35 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Clark et al U.S. Patent No. 5,710,889 in view of Chen et al U.S. Patent No. 5,602,918. 

As to claims 30, 32 and 34, Clark discloses data broker code and parser code executable 
on a first network server. Clark discloses an information source [repository 11]. Clark discloses 
that the data broker code includes instructions executable as a first instance thereof to receive 
access requests in a structured language corresponding to a predefined request message 
specification and to forward validated ones of the access requests toward the information 
resource. Clark discloses the parser code includes instructions executable as a first instance 
thereof to validate the received access request against the predefined request message 
specifications [column 5 line 63 to column 6 line 29; column 10 lines 53-61]. 

Clark does not teach a security barrier separating the first network server and the 
information resource. 

Chen teaches a system and method for establishing secured communications pathways 
across an open unsecured network, without compromising the security of any parties to the 
communication that involves establishing secured gateways or firewalls between the Internet and 
any party which desires protection, see abstract. 
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It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have a firewall between the first network server and the information 
source. Only the validated access requests would cross the firewall toward the information 
resource. 

The motivation to modify Clark by the teaching of Chen is because a firewall provides a 
safe passage between the secured network and the party on the public network [column 2 lines 
15-21]. 

As to claim 31, Clark discloses an encoding of the predefined request message 
specification [column 7 lines 53-63]. 

As to claim 33, Clark discloses an encoding of the predefined response message 
specification [column 8 lines 31-35]. 

As to claim 35, Clark discloses the computer program code is transmitted in at least one 
computer readable medium from an electronic storage medium and on a network [column 5 lines 
30-48]. 
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9. Claim 34 is rejected under 35 U.S.C. 103(a) as being unpatentable over Clark et al U.S. 
Patent No. 5,710,889 and Chen et al U.S. Patent No. 5,602,918 as applied to claim30 above, 
and further in view of Bobo, H U.S. Patent No. 5,870,549. 

The Clark-Chen combination does not teach that the application proxy code includes 
instructions executable to format the access requests in accordance with the structured language 
corresponding to the predefined request message specification. 

Bobo teaches instructions executable to format the access requests in accordance with the 
structured language corresponding to the predefined request message specification. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have the application proxy code have instructions to format the 
access requests in accordance with the structured language corresponding to the predefined 
request message specification [column 21, lines 37-42]. 

It would have been obvious to have modified the Clark-Chen combination by the 
teaching of Bobo because XML is easier to write applications for, easier to understand, and more 
suited to delivery and inter-operability over the Web [column 21 lines 33-37]. 


♦ 
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Conclusion 


10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-746-7239. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-1373. 


Aravind K Moorthy 
November 14, 2003 
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